Hackers Are Targeting VoIP Providers In Ransomware Attacks

Provider Telnyx suffered outage over multiple days after threat actors disrupted its services.
Jack Turner

VoIP service Telnyx became the latest in a line of VoIP services to suffer outages, after it was hit by hackers this week.

The victim of a distributed denial of service (DDoS) attack, the company warned its users that they may experience a break in service, and dropped calls, while the attack was ongoing.

Hackers have hit out at other VoIP providers in the last few weeks, including VoIP Unlimited and Voipfone.

What Happened in Telnyx DDoS Attack?

The attack on Telnyx began on the 9th of November. Telnyx posted a message on its support page informing customers that it was experiencing a DDoS attack, and that they may suffer outages. I added that its course of action to remedy the issue was to  migrate traffic to the CloudFlare network.

The company confirmed that all systems were operational on the 11th of November, and global traffic now sat behind CloudFlare's DDoS protection systems.

‘Telnyx is currently experiencing a DDoS attack. Until we reach a resolution, you may be experiencing failed calls, API and portal latency/time outs, and/or delayed or failed messages'. – Telnyx support message

It is believed that the purpose of these attacks at Telnyx and across the industry is to disrupt services and extort money, according to some experts.

‘Unprecedented' Attack on VoIP Networks

Unfortunately, the attack on Telnyx this week isn't an isolated incident. In September, Voipfone was hit with a DDoS attack, and yet again, in late October. Another provider, Canada-based VoIP.ms, was also attacked in September.

In the case of VoIP.ms, a demand was issued to the company from an account purporting to be the hackers, demanding 100 Bitcoin, around $4.2 million.

‘ok, enough communication. The price for us to stop is now 100 Bitcoin. I am sure your customers will appreciate your 0 f**ks given attitude in multiple law suits. REvil.' – Twitter message to VoIP.ms from hackers

The group on Twitter claimed to be REvil, a notorious, organized gang that targets companies in ransomware attacks. The group was actually reported as suddenly going offline earlier in the year, but recent attacks suggest it may have returned.

Following the attacks, Comms Council UK told the BBC that the issue ‘appear[s] to be part of a co-ordinated extortion-focused international campaign by professional cyber-criminals', describing the scale of the attack as ‘unprecedented'.

‘We have never seen anything like it since we were established back in 2004' – Comms Council UK spokesperson

How Can I Avoid VoIP Attacks?

In reality, as a customer, there's little that companies can do to avoid DDoS attacks like this, and the responsibility lies solely with their VoIP provider.

Currently, it appears that the attacks have been aimed at smaller VoIP providers, who may be more vulnerable than the big name brands. We've also seen that those who have suffered attacks, such as VoIP.ms, have seen repeated attacks.

It may be small comfort, but unlike most ransomware attacks, the main aim of this DDoS method is to disrupt the service in an attempt to get the companies involved to pay up, rather than the more traditional route of threatening to leak sensitive data.

If you've been affected by a VoIP outage as a result of your provider suffering a DDoS attack, you may want to consider switching VoIP provider.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Jack is the Deputy Editor for Tech.co. He has been writing about a broad variety of technology subjects for over a decade, both in print and online, including laptops and tablets, gaming, and tech scams. As well as years of experience reviewing the latest tech devices, Jack has also conducted investigative research into a number of tech-related issues, including privacy and fraud.

Explore More See all news
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals